
Task 6.6 Role based cli
I'm trying to enable view in R5 and I'm getting the message:
" %AAA-6-USER_BLOCKED: Enable view requires to be authenticated by non-none methods,Please use the appropriate method with the login authentication"
Is it a bug?
Comments
Hello, try to do your configuration by telnetting to the router, not from the console.
conf t
username admin secret cisco
aaa authentication login VTYS local
line vty 0 4
login authentication VTYS
Then telnet to one of your IP addresses. You could put authentication on the console too, but it would be safer on the VTY lines.
Best wishes,
Weird thing......
If I enable view on local R5 router, I see the "interface" command under show ?
Rack1R5#enable view INTERN
Password:
Rack1R5#show ?
clock Display the system clock
flash: display information about flash: file system
interfaces Interface status and configuration
parser Show parser commands
However, if I telnet to R5 and repeat the same show command, this time the "interface" command is missing from the output:
Rack1R6#telnet 150.1.5.5
Trying 150.1.5.5 ... Open
User Access Verification
Username: INTERN
Password:
Rack1R5>show ?
clock Display the system clock
flash: display information about flash: file system
parser Show parser commands
Does anyone have the same problem?
OK, I did some more testing and found out that even though show interface is not listed, I was still able to do show interface as follows. Weird....
Rack1R5>sh int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 0025.8433.6014 (bia 0025.8433.6014)
Internet address is 164.1.5.5/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
I tried other commands that are not listed and it is not working as expected
Rack1R5>show ver
^
% Invalid input detected at '^' marker.
I just did:
username CISCO privilege 15 password 0 CISCO
username INTERN privilege 0 password 0 INTERN
privilege exec level 1 help --> Move "help" from 0 to 1
privilege exec level 1 disable --> -''-
privilege exec level 1 show call --> -''-
privilege exec level 0 show clock --> Move sh clock to 0
privilege exec level 0 show parser --> -''-
privilege exec level 0 show interfaces --> -''-
privilege exec level 0 show --> -''-
privilege exec level 1 logout --> Move "logout" from 0 to 1
Result is:
Trying 150.1.5.5 ... Open
User Access Verification
Username: INTERN
Password:
Rack1R5>?
Exec commands:
<1-99> Session number to resume
enable Turn on privileged commands
exit Exit from the EXEC
show Show running system information
Rack1R5>show ?
clock Display the system clock
flash: display information about flash: file system
interfaces Interface status and configuration
parser Show parser commands
Yes, same issue here on Dynamips with the visibility of the 'interfaces' option.
Exactly the same here.
I tried going back and adding some other random commands to the parser view, but when I telnet in to the router these too are not shown:
Rack1R5#sh run | se parser
parser view INTERN
secret 5 $1$WkdQ$GzH3ek4YJdnhxTRMNzykP.
commands exec include show ntp status
commands exec include show clock
commands exec include show interfaces
commands exec include show
then:
Rack1R4#telnet 150.1.5.5
Trying 150.1.5.5 ... Open
User Access Verification
Username: INTERN
Password:
Rack1R5>show ?
clock Display the system clock
flash: display information about flash: file system
parser Show parser commands
Rack1R5>show ntp status
%NTP is not enabled.
Rack1R5>
I am putting this down to a mistake in the question.. [:)]